package com.luban.security02.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;

/**
 * @author fujc-dev@qq.com
 */
@Controller
@ResponseBody
@RequestMapping("/admin")
public class AdminController {

    //

    /**
     * <p>@PermitAll 无效 </p>
     * <p>Controller level是在filter level之后生效的。所以路径已经被filter match上了就直接要求认证了。</p>
     * <p>我都直接在filter层加permitAll。</p>
     *
     * @return
     */
    //@RolesAllowed({"user"})
    @GetMapping("/demo")
    public String demo() {
        return "spring security demo111";
    }

}